From c10e7ef311b695f5116f7c936bb5eb9104d1351a Mon Sep 17 00:00:00 2001
From: Brian Hawley
Date: Wed, 14 Sep 2022 18:38:39 -0700
Subject: [PATCH] Support ssrf_filter 1.1

Includes a backwards compatibility mode for SsrfFilter 1.0, which is needed for Ruby 2.5 and JRuby 9.2. Also includes a local version constraint for fog-google for Ruby 2.5 and JRuby 9.2 because of a known but undeclared incompatibility in that gem. gemfiles/rails-6-1.gemfile already has this fix. [Fixes #2625]
---
 Gemfile | 2 ++
 carrierwave.gemspec | 1 -
 lib/carrierwave/downloader/base.rb | 8 ++++++--
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/Gemfile b/Gemfile
index 9ee6af97..dbfed9c6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,5 +3,7 @@ source "https://rubygems.org"
 gem "activemodel-serializers-xml"
 gem 'sqlite3', platforms: :ruby
 gem "activerecord-jdbcsqlite3-adapter", platform: [:jruby, :truffleruby]
+# See https://github.com/fog/fog-google/issues/535 for this restriction.
+gem "fog-google", "~> 1.13.0" if RUBY_VERSION.to_f < 2.6
 
 gemspec
diff --git a/carrierwave.gemspec b/carrierwave.gemspec
index 11d9a721..63f1c91c 100644
--- a/carrierwave.gemspec
+++ b/carrierwave.gemspec
@@ -46,5 +46,4 @@ Gem::Specification.new do |s|
 if RUBY_ENGINE != 'jruby'
 s.add_development_dependency "pry-byebug"
 end
- s.add_development_dependency "ssrf_filter", "< 1.1.0"
 end
diff --git a/lib/carrierwave/downloader/base.rb b/lib/carrierwave/downloader/base.rb
index fdfaf1bb..a158e98e 100644
--- a/lib/carrierwave/downloader/base.rb
+++ b/lib/carrierwave/downloader/base.rb
@@ -30,8 +30,12 @@ module CarrierWave
 response = OpenURI.open_uri(process_uri(url.to_s), headers)
 else
 request = nil
- response = SsrfFilter.get(uri, headers: headers) do |req|
- request = req
+ if ::SsrfFilter::VERSION.to_f < 1.1
+ response = SsrfFilter.get(uri, headers: headers) do |req|
+ request = req
+ end
+ else
+ response = SsrfFilter.get(uri, headers: headers, request_proc: ->(req) { request = req })
 end
 response.uri = request.uri
 response.value
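Review bot: The branch that selects the SsrfFilter call shape tests `::SsrfFilter::VERSION.to_f < 1.1`, and float-parsing a version string reads `1.10` as 1.1 and ignores the patch level, so it is right for this threshold only by coincidence; `if Gem::Version.new(::SsrfFilter::VERSION) < Gem::Version.new('1.1')` compares the strings as versions (RubyGems is normally already loaded). Because this is the download path that carries the SSRF guard, a one-line comment above the branch would help the next reader, e.g. `# ssrf_filter < 1.1 hands the request to the block; 1.1+ takes request_proc: instead`, which is what the two calls in the hunk suggest. The condition also mixes `::SsrfFilter` with the unqualified `SsrfFilter` used in both calls and is re-evaluated on every download, so hoisting it into a constant or private predicate would read more cleanly. The Gemfile hunk uses the same `to_f` comparison on `RUBY_VERSION`. The enclosing method starts and ends outside the hunk.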